b"                                                                UNITED STATES DEPARTMENT OF COMMERCE\n                                                                The Inspector General\n                                                                Washington, D.C. 20230\n\n\nJune 28, 20 13\n\nThe Honorable Darrell lssa \n\nChairman \n\nCommittee on Oversight and Government Reform \n\nU.S. House of Representatives \n\nWashington, DC 20515-6143 \n\n\nDear Mr. Chairman:\n\nIn response to your request of June 17, 20 13, we are providing current information on our \n\noffice's open and unimplemented recommendations, including: \n\n        \xe2\x80\xa2 \t The number of open and unimplemented recommendations (see enclosure I)\n        \xe2\x80\xa2 \t The cumulative estimated cost savings associated with the current number of open and\n            unimplemented OIG recommendations (see enclosure 2)\n\n        \xe2\x80\xa2 \t Those recommendations that would result in cost savings if implemented (see enclosure\n            2)-for which we include the recommendation, the date the recommendation was\n            made, and the cost savings that we believe would be realized if agency management\n            implemented the recommendation\nAs requested, we also identify what we consider to be the three most important\nunimplemented recommendations we have made to the Department or its bureaus (for further\ndetails, see enclosure 3), concerning:\n\n        \xe2\x80\xa2 \t Departmental contracts\n        \xe2\x80\xa2 \t Departmental IT security\n        \xe2\x80\xa2 \t National Oceanic and Atmospheric Administration environmental satellite programs\nIf you have any questions or require additional information, you or your staff may contact me at\n(202) 482-4661 or Ann Eilers, Principal Assistant Inspector General for Audit and Evaluation, at\n(202) 482-2754.\nSincerely,\n\n'I~t ~ ... .._ _\xc2\xad\nTodd J. Zinser\n\nEnclosures\n\ncc: \t      The Honorable Elijah E. Cummings, Ranking Minority Member\n           The Honorable Penny Pritzker, Secretary of Commerce\n\x0cEnclosure 1:\n\nOIG\xe2\x80\x99s Open and Unimplemented Recommendations as of June 21, 2013\n\n                                             Recommendations\n    Calendar     Recommendations                                         Recommendations Still\n                                                 Still Open\n    Year              Made                                                  Unimplemented\n                                               (Unresolved)\n    2007                  187                          0                               1\n    2008                  143                          0                               0\n    2009                  100                          0                               2\n    2010                   93                          0                               7\n    2011                   52a                         0                              32\n    2012                  125                          0                              95\n    2013b                  46                         20                              26\n    Total                 746                         20                             163\na\n  A previous OIG table \xe2\x80\x9cOIG's Open and Unimplemented Recommendations Since 2007\xe2\x80\x9d\xe2\x80\x94which we submitted in \n\nApril 2012 as enclosure 1 in our response to the Committee\xe2\x80\x99s request\xe2\x80\x94included 14 recommendations from\n\nfinancial assistance audits that are not included in this current table.\n\nb\n  As of June 21, 2013.\n\n\nWe compiled this table by reviewing all performance audit, evaluation, and inspection reports\nthat we issued during the period of January 1, 2007, through June 21, 2013. We have not\nincluded classified or sensitive nonpublic recommendations, recommendations in financial\nstatement audits, or those addressed to specific nonfederal entities in connection with audits of\nfinancial assistance awards.\n\nAfter OIG issues a final report, a bureau has up to 60 days to submit a corrective action plan\nfor OIG\xe2\x80\x99s approval. The 20 \xe2\x80\x9copen\xe2\x80\x9d (unresolved) recommendations from 2013 reports are due\nto 3 reports for which the bureaus had not yet submitted corrective action plans as of June 21,\n2013:\n      \xe2\x80\xa2\t OIG-13-024-A, Audit of Geostationary Operational Environmental Satellite-R Series:\n         Comprehensive Mitigation Approaches, Strong Systems Engineering, and Cost Controls Are\n         Needed to Reduce Risks of Coverage Gaps (issued April 25, 2013)\n      \xe2\x80\xa2\t OIG-13-025-A, Internal Controls for Purchase Card Transactions Need to Be Strengthened\n         (issued May 2, 2013)\n      \xe2\x80\xa2\t OIG-13-026-A, Monitoring of Obligation Balances Needs Strengthening\n\n         (issued June 18, 2013)\n\n\n\xe2\x80\x9cUnimplemented\xe2\x80\x9d recommendations have approved action plans, but the bureaus have not yet\ncompleted their implementation of the recommendations.\n\n\n\n\n                                                   2\n\x0cEnclosure 2:\nOIG\xe2\x80\x99s Open and Unimplemented Recommendations That Have Associated\nEstimated Cost Savings\nThe cumulative estimated cost savings associated with the current number of open and\nunimplemented OIG recommendations is $385.3 million.\n\n   Reports with Recommendations That Have Associated Estimated Cost Savings\n                     Recommendations                          Estimated Cost Savings\nReport: OIG-12-019-I, More Action Needed to Improve Controls in Asset Forfeiture\nFund (issued February 8, 2012)\nWe recommend that the Under Secretary of Commerce for\nOceans and Atmosphere require that the National Oceanic\nand Atmospheric Administration\xe2\x80\x99s (NOAA\xe2\x80\x99s) Office of Law\nEnforcement, the Enforcement Section, and NOAA Finance                 $871,000\n                                                     a\nimplement a process to ensure that deposit account cases are funds to be put to better use\nperiodically reviewed and that legally resolved cases are\ntransferred from the deposit account or returned to a\nrespondent in a timely manner.\n\nWe recommend that the Under Secretary for Oceans and\n                                                                                     $3,900,000\nAtmosphere require that the Enforcement Section and NOAA\n                                                                                  unsupported costs\nFinance develop policies and procedures to consistently pursue\n                                                                                    and write-offs\ncollection of fines and penalties in a manner that treats all\nrespondents uniformly, and in compliance with the Debt\nCollection Improvement Act of 1996.\na\n The \xe2\x80\x9cdeposit account\xe2\x80\x9d holds proceeds that are pending legal determination from the sale of property seized by\nOLE agents. Once a case has a determination, funds should be moved from the deposit account in accordance with\nthe legal disposition\xe2\x80\x94either by returning money to the respondent or transferring money to one of NOAA\xe2\x80\x99s\nmarine resource funds.\nReport: OIG-12-027-A, NOAA\xe2\x80\x99s Cost-Plus-Award-Fee and Award-Term Processes Need\n\nto Support Fees and Extensions (issued May 18, 2012)\n\nWe recommend that the Director of the NOAA Acquisition \n\nand Grants Office require performance monitors to provide\n\nnarrative comments that identify specific strengths, \n\nweaknesses, and deficiencies to support assigned ratings.\n   $43,802,965\n                                                                                   questioned costs\nWe recommend that the Director of the NOAA Acquisition\nand Grants Office develop award-fee and award-term incentive\nstructures that encourage contractor excellence.\n\nWe recommend that the Director of the NOAA Acquisition\nand Grants Office require a cost-benefit analysis in decisions                      $60,927,455\non cost-plus-award-fee and cost-plus-award-term contracts,                  funds to be put to better use\nincluding documentation of how the benefits will offset the\ncosts and justifications and approvals for all contract actions\ncontaining award-fee and award-term provisions.\n\n\n                                                      3\n\x0c   Reports with Recommendations That Have Associated Estimated Cost Savings\n                       Recommendations                          Estimated Cost Savings\nReport: OIG-13-001-I, Quarterly Conference Reporting Processes Need Improvement\n(issued October 17, 2012)\nWe recommend that the Director of the Office of\nAdministrative Services strengthen operating policy to ensure\nbureaus accurately report actual conference spending data,\nidentify estimated costs, and provide updates to these\nestimates when actual costs become available.                            $282,637\n                                                               funds to be put to better use\nWe recommend that the Director of the Office of\nAdministrative Services require bureaus to maintain supporting\ndocumentation for costs incurred, planning considerations, and\ndecision justifications.\nReport: OIG-13-010-I, U.S. Export Assistance Centers Could Improve Their Delivery\nof Client Services and Cost Recovery Efforts (issued November 30, 2012)\nWe recommend the Director General of the U.S. & Foreign\nCommercial Service take the following actions:\n   \xe2\x80\xa2   Develop strategies for minimizing the administrative\n       duties of trade specialists.\n   \xe2\x80\xa2   Upgrade or replace the current Client Tracking System.\n   \xe2\x80\xa2   Determine why some U.S. Export Assistance Centers                   $1,528,000\n       (USEACs) are underperforming and take corrective           funds to be put to better use\n       action or explore the following options: (1) consolidate\n       lower-producing USEACs with higher-producing\n       USEACs located within the same Metropolitan Statistical\n       Area (MSA), (2) close lower-producing USEACs\n       operating in MSAs with low export potential, and (3)\n       consider closing vacant USEACs.\n\n\n\n\n                                               4\n\x0c   Reports with Recommendations That Have Associated Estimated Cost Savings\n                        Recommendations                           Estimated Cost Savings\nReport: OIG-13-016-A, Fourth Annual Assessment of the Public Safety Interoperable\nCommunications (PSIC) Grant Program (issued February 22, 2013)\nWe recommend that the Assistant Secretary for\nCommunications and Information pursue the return of\n                                                                          $190,317\nquestioned unallowable costs for each grant recipient and\n                                                                      questioned costs\ndetermine the most appropriate process to recover\nquestioned costs in the future.\nReport: OIG-13-024-A, Audit of Geostationary Operational Environmental Satellite-R\n(GOES-R) Series: Comprehensive Mitigation Approaches, Strong Systems Engineering,\nand Cost Controls Are Needed to Reduce Risks of Coverage Gapsa (issued April 25, 2013)\nTo limit cost overruns and improper award fees for GOES-R\nFlight Project contracts, we recommend that the NOAA\nAssistant Administrator for Satellite and Information Services\nensure that the National Aeronautics and Space Administration\n                                                                        $105,940,788\n(NASA) modifies advanced baseline imager, geostationary\n                                                                funds to be put to better use\nlightning mapper, and spacecraft contract award-fee structures\nto reduce award fee percentages in accordance with the\ncurrent NASA Federal Acquisition Regulation Supplement, as\nwell as clearly articulates how scores should be adjusted based\non the magnitude of cost overruns.\n\nTo limit cost overruns and improper award fees for GOES-R\nFlight Project contracts, we recommend that the NOAA                                   $8,857,750\nAssistant Administrator for Satellite and Information Services                       questioned costs\nensure that NASA adjusts future award fees for the advanced\nbaseline imager to be more commensurate with contractor\nperformance and to incentivize the contractor to control\ncosts.\na\n In June 2013, we received NOAA\xe2\x80\x99s action plan, in which the agency disagreed with taking any actions necessary to\nimplement the above-noted two recommendations. The disagreement invokes the audit resolution process.\nReport: OIG-13-026-A, Monitoring of Obligation Balances Needs Strengthening\n(issued June 18, 2013)\nWe recommend that the Office of the Secretary develop a\nDepartment-wide initiative related to the timely liquidation,\ndeobligation, and closure of unneeded open obligations.\n                                                                                      $159,000,000\nWe recommend that the Office of the Secretary enhance\n                                                                              funds to be put to better use\npolicies and procedures to include specific, comprehensive\nguidance for the consistent monitoring and deobligation of\nunliquidated obligation balances, as well as ongoing\ndepartmental oversight.\n\n\n\n\n                                                       5\n\x0cEnclosure 3:\nOIG\xe2\x80\x99s Top Three Open and Unimplemented Recommendations\nas of June 21, 2013\nRecommendations related to Departmental contracts, including OIG-12-027-A,\nNOAA\xe2\x80\x99s Cost-Plus-Award-Fee and Award-Term Processes Need to Support Fees and\nExtensions (issued May 18, 2012)\n\nIn FY 2011, the Department obligated approximately $2.4 billion on contracts for goods and\nservices, including satellite acquisitions, intellectual property protection, broadband technology\nopportunities, management of coastal and ocean resources, information technology, and\nconstruction and facilities management. To maximize these funds, the Department needs to\nstrengthen its acquisition and contract management practices. While it has made some\nprogress, our audits continue to find weaknesses in how the Department and its agencies plan,\nadminister, and oversee contracts and acquisition programs.\nOne OIG audit report, from May 2012, contains important contracts-related recommendations\nthat remain unimplemented. This audit report relates to National Oceanic and Atmospheric\nAdministration\xe2\x80\x99s (NOAA\xe2\x80\x99s) rating and award-payment decisions when using cost contracts that\ncontain additional incentive award provisions (see table below):\n\n                                Audit                                                                      Cost\nReport                                           Top Unimplemented Recommendation(s)\n                           Objective(s)                                                                   Savings\n                       Assess award-fee and\n                       award-term ratings\n                       and payments made by      We recommend that the Director of the NOAA\n                       the agency, based on      Acquisition and Grants Office require:\n                       documentation used\nOIG-12-027-A,                                    \xe2\x80\xa2 performance monitors to provide narrative\n                       to support them, and\nNOAA\xe2\x80\x99s Cost-Plus-                                  comments that identify specific strengths,\n                       evaluate its award-fee                                                      Our audit report\nAward-Fee (CPAF) and                               weaknesses, and deficiencies to support\n                       and award-term                                                              identified $43,802,965\nAward-Term (CPAT)                                  assigned ratings\n                       guidance, payment                                                           in questioned costs\nProcesses Need to\n                       structure, and            \xe2\x80\xa2 a cost-benefit analysis in decisions on CPAF    and $60,927,455 in\nSupport Fees and\n                       evaluation criteria for     and CPAT contracts, including documentation     unsupported costs.\nExtensions (issued\n                       nine incentive              of how the benefits will offset the costs and\nMay 18, 2012)\n                       contracts: four CPAF        justifications and approvals for all contract\n                       contracts, four CPAT        actions containing award-fee and award-term\n                       contracts, and one          provisions\n                       contract with both\n                       award fees and terms\n\n\n\n\n                                                            6\n\x0cRecommendations related to the Department\xe2\x80\x99s IT security, including those\nreported in OIG-12-035-A, Significant IT Security Program Improvements Are Needed\nto Adequately Secure NTIA's Systems (issued September 7, 2012), and OIG-12-037-A,\nImprovements Are Needed to Strengthen ITA's Information Technology Security\nProgram (issued September 27, 2012)\n\nThe Federal Information Security Management Act of 2002 (FISMA) requires agencies to secure\nsystems against the loss, misuse, or unauthorized access to or modification of information\ncollected or maintained by, or on behalf of, an agency. In addition, FISMA requires inspectors\ngeneral to evaluate agencies\xe2\x80\x99 information security programs and practices by assessing a\nrepresentative subset of agency systems, with results reported to the Office of Management\nand Budget (OMB), Department of Homeland Security, and Congress annually. Over the years,\nOIG has repeatedly identified significant flaws in basic security measures protecting IT systems\nand information and made recommendations to correct them. Important recommendations\nfrom two recent FISMA audits\xe2\x80\x94of National Telecommunications and Information\nAdministration (NTIA) and International Trade Administration (ITA) systems, respectively\xe2\x80\x94\nremain unimplemented (see table below):\n\n\n\n\n                                               7\n\x0c                                Audit                                                                             Cost\nReport                                             Top Unimplemented Recommendation(s)\n                              Objective(s)                                                                       Savings\n                                                   The Assistant Secretary for Communications\n                                                   and Information should\n                                                   \xe2\x80\xa2\t revise the authorization status of NTIA\xe2\x80\x99s\n                                                      systems to interim authorization to operate\n                                                      until the following activities have been\n                                                      completed:\n                                                      (1) system owners and appropriate NTIA\n                                                      officials collaborate to identify and categorize\n                                                      all information types that are processed,\n                                                                                                          Implementation of our\n                          Assess the                  stored, or transmitted by each system and\n                                                                                                          recommendations will\nOIG-12-035-A,             effectiveness of            categorize each system accordingly\n                                                                                                          improve the security\nSignificant IT Security   NTIA\xe2\x80\x99s IT security          (2) system owners develop and maintain an           posture of NTIA\xe2\x80\x99s\nProgram Improvements      program by                  accurate hardware and software inventory for        information systems.\nAre Needed to             determining whether         their systems                                       However, we cannot\nAdequately Secure         key security measures\n                                                      (3) NTIA implements and assesses                    yet estimate particular\nNTIA's Systems (issued    adequately protect its\n                                                      appropriate IT security controls according to       cost savings associated\nSeptember 7, 2012)        systems and its\n                                                      Department policy and NIST SP 800-53, and           with these\n                          information\n                                                      (4) NTIA follows the plan of action and             improvements.\n                                                      milestones process required by the\n                                                      Department\xe2\x80\x99s IT security policy\n                                                   \xe2\x80\xa2\t ensure that system owners, IT security\n                                                      officers, authorizing officials, and other staff\n                                                      with critical IT security roles are appropriately\n                                                      trained, earn certifications as required by\n                                                      Department policy, and have the required\n                                                      metrics incorporated into their performance\n                                                      plans.\n                          Evaluate information                                                            Implementation of our\n                          security controls and                                                           recommendation will\nOIG-12-037-A,\n                          security-related                                                                improve the security\nImprovements Are\n                          documentation for six    The Under Secretary of Commerce for                    posture of ITA\xe2\x80\x99s\nNeeded to Strengthen\n                          ITA systems, to          International Trade should ensure that only            information systems.\nITA's Information\n                          determine whether        authorized software and USB devices are used on        However, we cannot\nTechnology Security\n                          key security measures    both servers and workstations.                         yet estimate particular\nProgram (issued\n                          adequately protect                                                              cost savings associated\nSeptember 27, 2012)\n                          ITA\xe2\x80\x99s systems and                                                               with these\n                          information                                                                     improvements.\n\nWhile the above recommendations remain unimplemented, both NTIA and ITA have made\nsignificant progress toward implementation and expect to fully implement them by September\n30 and October 1, 2013, respectively.\n\n\n\n\n                                                               8\n\x0cRecommendations related to NOAA environmental satellite programs, including\nthose reported in OIG-13-024A, Geostationary Operational Environmental Satellite\xe2\x80\x93R\n(GOES-R) Series: Comprehensive Mitigation Approaches, Strong Systems Engineering,\nand Cost Controls Are Needed to Reduce Risks of Coverage Gaps (issued April 25,\n2013); OIG-12-038-A, Joint Polar Satellite System (JPSS): Continuing Progress in\nEstablishing Capabilities, Schedules, and Costs Is Needed to Mitigate Data Gaps (issued\nSeptember 27, 2012), and OSE-18291, Successful Oversight of GOES-R Requires\nAdherence to Accepted Satellite Acquisition Practices (issued November 20, 2007)\n\nManaging risks in the acquisition and development of the next generation of environmental\nsatellites is a continuing challenge for the Department. The two most prominent programs, the\nJoint Polar Satellite System (JPSS) and the Geostationary Operational Environmental Satellite-R\nseries (GOES-R), together accounted for one-third of NOAA\xe2\x80\x99s FY 2013 budget request. They\nare also the largest investments in the Department, comprising nearly 20 percent of the total\nbudget. However, with cost overruns, schedule delays, and the aging of NOAA\xe2\x80\x99s current\nconstellation of satellites, NOAA is confronting coverage gaps for these critical weather-\nforecasting and mission-essential assets.\n\nImportant recommendations from three of our NOAA satellite audits (dating back to 2007)\nremain open or unimplemented (see table below):\n\n\n\n\n                                               9\n\x0c                                 Audit               Top Open (Unresolved)/Unimplemented                          Cost\nReport\n                               Objective(s)                     Recommendation(s)                                Savings\nOIG-13-024A,                                        Open (unresolved) recommendations: The\nGeostationary              Assess (1) the           NOAA Assistant Administrator for Satellite and\nOperational                adequacy of contract     Information Services should ensure that NASA:\n                           management and                                                               Our audit report\nEnvironmental Satellite\xe2\x80\x93\n                           administration and (2)   \xe2\x80\xa2 modifies contract award-fee structures to         identified $115 million in\nR (GOES-R) Series:\n                           the effectiveness of       reduce award fee percentages in accordance        potential monetary\nComprehensive\n                           management\xe2\x80\x99s               with the current NASA FAR Supplement, and         benefits\xe2\x80\x94about $9\nMitigation Approaches,\n                           direction, monitoring,     clearly articulates how scores should be          million in questioned\nStrong Systems\n                           and collaboration for      adjusted based on the magnitude of cost           costs and $106 million in\nEngineering, and Cost\n                           development of select      overruns.                                         funds to be put to better\nControls Are Needed to\n                           components of the                                                            use.\nReduce Risks of                                     \xe2\x80\xa2 adjusts future award fees to be more\nCoverage Gaps (issued      GOES-R program             commensurate with contractor performance,\nApril 25, 2013)                                       to incentivize the contractor to control costs.\n                                                                                                        While we cannot yet\nOIG-12-038-A, Joint                                 Unimplemented recommendations: The NOAA\n                                                                                                        project specific cost\nPolar Satellite System     (1) Assess the           Deputy Secretary for Operations should:             savings, implementation\n(JPSS): Continuing         adequacy of JPSS\n                                                    \xe2\x80\xa2 develop a policy that adheres to cost-            of our recommendations\nProgress in Establishing   formulation activities\n                                                      estimating best practices.                        should help prevent loss\nCapabilities, Schedules,   and (2) monitor the\n                                                                                                        of life and property by\nand Costs Is Needed to     program\xe2\x80\x99s efforts to     \xe2\x80\xa2 ensure that an independent cost estimate          ensuring the availability\nMitigate Data Gaps         maintain continuity of     adequately tests the viability of the program\xe2\x80\x99s   of critical data needed to\n(issued September 27,      polar satellite data       funding profile.                                  predict severe weather\n2012)\n                                                                                                        events.\n                                                                                                        With an estimated $23\n                                                                                                        billion for the\n                                                                                                        Department to spend on\n                                                                                                        GOES-R and JPSS\xe2\x80\x94two\n                                                                                                        critical environmental\n                           Determine whether                                                            satellite systems\xe2\x80\x94over\n                                                    Unimplemented recommendation: Department\nOSE-18291, Successful      the Department and                                                           their life cycle, plus $2.5\n                                                    officials should complete and implement the\nOversight of GOES-R        NOAA have                                                                    billion annually in major\n                                                    Department\xe2\x80\x99s major system acquisition policy\nRequires Adherence to      established effective                                                        IT investments alone, the\n                                                    and, for satellite programs, ensure the policy\nAccepted Satellite         oversight mechanisms                                                         Department must have\n                                                    incorporates the key decision points in NASA\nAcquisition Practices      for handling their                                                           an effective oversight\n                                                    Procedural Requirements (NPR) 7120.5D and\n(issued November 20,       expanded roles and                                                           program in place. The\n                                                    requires comprehensive independent reviews at\n2007)                      are leveraging NASA\xe2\x80\x99s                                                        benefits gained by\n                                                    all key decision points.a\n                           oversight expertise                                                          implementing our\n                                                                                                        recommendation may\n                                                                                                        result in cost savings;\n                                                                                                        however, we cannot yet\n                                                                                                        project a specific\n                                                                                                        amount.\na In June 2010 the Department created a new process, the Commerce Acquisition Framework, to manage acquisitions and reduce risk.\n\nOn November 6, 2012, the Department issued a memorandum on its Commerce Acquisition Project Management policy for\nimplementation on all Department acquisition projects and programs. OIG expects the Department to develop an administrative order\nfor major system acquisition policy within 6 months.\n\n\n\n\n                                                                10\n\n\x0c"